TROJ_PROXY.NEU
TrojanProxy:Win32/Bunitu!rfn (Microsoft)
Platform: Windows
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan may arrive bundled with malware packages as a malware component. It may be dropped by other malware.
It requires its main component to successfully perform its intended routine.
TECHNICAL DETAILS
Arrival Details
This Trojan may arrive bundled with malware packages as a malware component.
It may be dropped by other malware.
Other System Modifications
This Trojan creates the following registry entry to add the dropper to the Windows Firewall exception list, so that inbound connections to the dropped file are allowed. The key is the exception list of the Windows XP/Server 2003 firewall; each value has the form path:scope:state:display name, where a scope of * means no address restriction:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
"{dropper's file path}" = "{dropper's file path}:*:Enabled:{dropper's file name without file extension}"
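As an added example, not part of the original advisory and not the malware's own code, the following Python parses an offline .reg export of the AuthorizedApplications\List key (as collected from a disk image or a live host), splits each value into its path:scope:state:display name fields from the right (the path itself contains "C:"), and flags entries that are enabled for any address and point at a binary in a user-writable directory, or whose value path does not match the value name. The sample export is constructed: the sessmgr.exe entry shows the format of a stock XP SP2 exception (Remote Assistance), and the Temp path is a stand-in for the dropper's location, which the advisory gives only as a placeholder. The directory markers are a hunting heuristic chosen here, not indicators from the advisory.

```python
import re

AUTH_APPS_KEY = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
    r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List"
)

# Constructed sample .reg export (not taken from a real infection): one stock
# XP SP2 exception and one entry pointing at a file in a user temp directory.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe:*:Enabled:svchost"
'''

# One "name"="value" line; .reg escapes backslash and double quote with a backslash.
_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Heuristic (chosen here): directories writable without elevation. An enabled
# exception for a binary under one of these deserves a look; it is not proof.
USER_WRITABLE_MARKERS = (
    "\\temp\\", "\\local settings\\", "\\application data\\",
    "\\appdata\\", "\\users\\", "\\documents and settings\\",
)


def _unescape(s: str) -> str:
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_authorized_apps(reg_text: str) -> list[dict]:
    """Return the entries found under the AuthorizedApplications\\List key."""
    entries = []
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == AUTH_APPS_KEY.lower()
            continue
        if not in_key:
            continue
        m = _VALUE_LINE.match(line)
        if not m:
            continue
        name, value = _unescape(m.group(1)), _unescape(m.group(2))
        # Value format: <path>:<scope>:<Enabled|Disabled>:<display name>.
        parts = value.rsplit(":", 3)
        if len(parts) != 4:
            entries.append({"name": name, "raw": value, "malformed": True})
            continue
        path, scope, state, display = parts
        entries.append({"name": name, "path": path, "scope": scope,
                        "state": state, "display": display, "malformed": False})
    return entries


def suspicious_entries(entries: list[dict]) -> list[tuple[dict, list[str]]]:
    """Pair each entry that trips a heuristic with the list of reasons."""
    findings = []
    for e in entries:
        reasons = []
        if e["malformed"]:
            reasons.append("value does not have the form path:scope:state:name")
        else:
            if e["state"].lower() == "enabled" and e["scope"] == "*":
                if any(mk in e["path"].lower() for mk in USER_WRITABLE_MARKERS):
                    reasons.append("enabled, unrestricted exception for a binary in a user-writable directory")
            if e["path"].lower() != e["name"].lower():
                reasons.append("value path differs from the value name")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in suspicious_entries(parse_authorized_apps(SAMPLE_REG)):
        print(entry["path"], "->", "; ".join(reasons))
```

The advisory's own entry ("{dropper's file path}" as both name and path, scope *, state Enabled) would be caught by the first heuristic whenever the dropper lives under a profile or temp directory; the name/path mismatch check covers a variant that tampers with an existing exception instead of adding its own.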
Other Details
This Trojan connects to the following hosts, which may be malicious ({BLOCKED} is the vendor's redaction of part of each name):
- 27858987.{BLOCKED}2.info
- 32629848.{BLOCKED}2.info
- 36900660.{BLOCKED}2.info
- cld1.{BLOCKED}net.com
- cld3.{BLOCKED}net.com
- {BLOCKED}q4oecon.cloudfront.net
- {BLOCKED}k649blg.cloudfront.net
- {BLOCKED}0am7dxp.cloudfront.net
- {BLOCKED}yrbagrg.cloudfront.net
It requires its main component to successfully perform its intended routine.
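Added example, not from the advisory: the vendor redacts part of each indicator with {BLOCKED}, so the list above cannot be used as exact-match blocklist entries. The Python below turns each redacted indicator into a regular expression (the literal parts are escaped, the redacted span becomes a wildcard over hostname characters) and runs it, together with a heuristic for the eight-digit numeric leftmost label shared by the first three indicators, over DNS query records. The log lines are constructed, and the hostnames in them (example2.info, examplenet.com, the cloudfront labels) are stand-ins chosen to exercise the matcher; they are not the real command-and-control names. The wildcard on the cloudfront indicators is deliberately broad, so treat a hit there as a lead for review rather than a verdict.

```python
import re

# Indicators exactly as printed in the advisory; {BLOCKED} is the vendor's redaction.
REDACTED_IOCS = [
    "27858987.{BLOCKED}2.info",
    "32629848.{BLOCKED}2.info",
    "36900660.{BLOCKED}2.info",
    "cld1.{BLOCKED}net.com",
    "cld3.{BLOCKED}net.com",
    "{BLOCKED}q4oecon.cloudfront.net",
    "{BLOCKED}k649blg.cloudfront.net",
    "{BLOCKED}0am7dxp.cloudfront.net",
    "{BLOCKED}yrbagrg.cloudfront.net",
]


def ioc_to_regex(ioc: str) -> re.Pattern:
    """Escape the literal parts; the redacted span matches any run of hostname characters."""
    literal = [re.escape(p) for p in ioc.split("{BLOCKED}")]
    return re.compile("^" + "[a-z0-9.-]+".join(literal) + "$", re.IGNORECASE)


IOC_PATTERNS = [(ioc, ioc_to_regex(ioc)) for ioc in REDACTED_IOCS]

# Hunting heuristic chosen here (not an indicator from the advisory): the first
# three hosts share an all-numeric, eight-digit leftmost label.
NUMERIC_LABEL = re.compile(r"^\d{8}\.")


def classify(qname: str) -> list[str]:
    """Return the reasons a queried name is worth a look (empty list if none)."""
    qname = qname.rstrip(".").lower()
    reasons = [f"matches advisory indicator {ioc}"
               for ioc, pat in IOC_PATTERNS if pat.match(qname)]
    if NUMERIC_LABEL.match(qname):
        reasons.append("eight-digit numeric leftmost label")
    return reasons


# Constructed DNS query records, "<timestamp> <client> <qname>"; hostnames are stand-ins.
SAMPLE_DNS_LOG = """\
2024-05-01T09:12:01Z 10.0.0.21 www.microsoft.com
2024-05-01T09:12:07Z 10.0.0.21 27858987.example2.info
2024-05-01T09:12:09Z 10.0.0.21 d111111abcdef8.cloudfront.net
2024-05-01T09:12:11Z 10.0.0.33 cld3.examplenet.com
2024-05-01T09:12:15Z 10.0.0.33 abcdefk649blg.cloudfront.net
"""


def scan_dns_log(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (client, qname, reasons) for every record that trips a pattern or heuristic."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # blank or malformed record
        _ts, client, qname = fields
        reasons = classify(qname)
        if reasons:
            hits.append((client, qname.lower(), reasons))
    return hits


if __name__ == "__main__":
    for client, qname, reasons in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{client} -> {qname}: {'; '.join(reasons)}")
```

Note that the unrelated CloudFront distribution in the sample is not flagged: the regex still requires the visible suffix of the label, so the wildcard only widens the match to the redacted prefix.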